The systems of Host Gator, a company that hosts over 8 million domains, have been reportedly breached by s3rver.exe. The hacker described the attack in a Pastebin document that was removed.
By leveraging a post cookie injection present on the site’s tickets subdomain, he allegedly managed to obtain the administrator’s password. Then he uploaded a shell that allowed him to gain access to the domain files of hostgator.com.
The data dump doesn’t seem to contain any sensitive information, but it shows that he had access to presumably restricted areas.
After the next phase, he contacted a member of Host Gator’s support team, asking him why the tracking.hostgator.com domain was down. The technician confirmed that for some reason there appeared to be “an issue on the server.”
Update: A HostGator representative has contacted us, denying S3rver.exe's claims. He has stated that they haven't been breached and the password allegedly cracked by the hacker isn't used "for anything."
The files S3rver.exe has leaked are available for anyone, even those who aren't "skilled" hackers.
Furthermore, the tracking subdomain to which the hacker uploaded his files can be easily manipulated to say things such as "tracking.hostgator.com/uploads/s3rver.php."
“tracking.hostgator.com has never loaded any content and never will as it will break how our tracking system works in conjunction with pixels,” the Host Gator representative explained.
Update 2. Here's the complete statement made by Host Gator:
We were not hacked. No shell was ever uploaded. We have no idea what the password "gatorhost3245~!" is but it's not one we ever used for anything.
The data dump is simply the html off of hostgator that anyone in the world can easily obtain by viewing our sites source.
The tracking.hostgator.com url can actually be manipulated to say anything you want it to such as:
tracking.hostgator.com has never loaded any content and never will as it will break how our tracking system works in conjunction with pixels.